Cyber Attacks On EU Governments Caused ‘Considerable Economic Damage’

Recent cyber attacks on European governments have caused massive economic damage, according to a rapporteur for the European Parliament.

The claim came as MEPs backed a resolution calling on the EU to update the European Security Strategy and increase preparations for cyber conflict.

The resolution, drafted by rapporteur Tunne Kelam of the European People’s Party, said recent cyber attacks against governmental information systems in Europe “caused considerable economic and security damage, the extent of which has not been adequately assessed”.

Governments under threat

The claims suggest many attacks have gone under the radar, given how few serious attacks governments have talked about publicly. Here in the UK, foreign secretary William Hague admitted government machines had been successfully infected by a variant of the Zeus Trojan in 2010. Anonymous has also claimed numerous distributed denial of service (DDoS) hits on government-related sites, including the one belonging to home secretary Theresa May.

Rik Ferguson, director of security research and communication for Trend Micro, said it was likely the report was referring to targeted attacks against governments rather than DDoS strikes.

“These attacks are far more likely to have financial impact then a simple DDoS, as a result of stolen data, interrupted or ineffective negotiation, etc., and they must also be extremely difficult to quantify, but no less real for being so,” he told TechWeekEurope.

Ferguson pointed to a number of recent cases where governments have been targeted. Attackers using the Xtreme RAT (remote access Trojan) were spotted by Trend targeting the UK Foreign Office, as well as the BBC. It is believed the attackers are the same ones who made attempts on Israeli and Palestinian bodies.

EU cyber attacks warning

The resolution called on all EU institutions “to develop their cyber security strategies and contingency plans with regard to their own systems in the shortest time possible”. The resolution, backed by an overwhelming majority of 454 votes in favour, also urged EU member states to create designated cyber defence units within their military structure.

“A majority of highly visible and disruptive cyber incidents are now of a politically motivated nature,” it noted. “There is no internationally agreed form of response to a state-backed cyber attack against another state, nor an understanding of whether this could be considered a casus belli

“Cyber threats and attacks against government, administrative, military and international bodies are a rapidly growing menace and occurrence in both the EU and globally, and that there are significant reasons for concern that state and non-state actors, especially terrorist and criminal organisations, are able to attack critical information and communication structures and infrastructures of EU institutions and members, with the potential to cause significant harm.”

The report also called for “a comprehensive EU cyber security strategy which should provide a common definition of cyber security and defence and of what constitutes a defence-related cyber attack”.

Yesterday, EU cyber agency ENISA encouraged governments to use “honeypots” to lure in hackers to gain a better understanding of how to better secure their data and track down cyber crooks.

Think you’re a security pro? Try our quiz!